author | jaseg <code@jaseg.net> | 2019-04-02 04:36:10 +0900 |
---|---|---|
committer | jaseg <git@jaseg.net> | 2019-04-02 04:36:10 +0900 |
commit | cbb98bcf0ee0e9e123f054377ff68b513efe6bf6 (patch) | |
tree | d44deea64134600a6b385c3c4a773aadc20812cf /gerboweb/deploy/setup_webserver.yml | |
parent | a846d39bc88e0c03402b20790b04762666bc055f (diff) | |
gerboweb: Modularize deployment playbooks a bit
Diffstat (limited to 'gerboweb/deploy/setup_webserver.yml')
-rw-r--r-- | gerboweb/deploy/setup_webserver.yml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/gerboweb/deploy/setup_webserver.yml b/gerboweb/deploy/setup_webserver.yml
new file mode 100644
index 0000000..7dc65c5
--- /dev/null
+++ b/gerboweb/deploy/setup_webserver.yml
@@ -0,0 +1,52 @@
+- name: Copy first stage nginx config
+ copy:
+ src: nginx_nossl.conf
+ dest: /etc/nginx/nginx.conf
+
+- name: Add nginx user to uwsgi group for access to uwsgi socket
+ user:
+ name: nginx
+ groups: uwsgi
+ append: yes
+
+- name: Copy uwsgi systemd socket config
+ copy:
+ src: uwsgi-app@.socket
+ dest: /etc/systemd/system/
+
+- name: Copy uwsgi systemd service config
+ copy:
+ src: uwsgi-app@.service
+ dest: /etc/systemd/system/
+
+- name: Set SELinux to permissive mode # FIXME this is to let nginx talk to uwsgi
+ selinux:
+ state: permissive
+ policy: targeted
+
+- name: Enable and launch nginx systemd service
+ systemd:
+ name: nginx.service
+ enabled: yes
+ state: restarted
+
+- name: Create letsencrypt certificate
+ command: certbot --nginx certonly -d gerbolyze.jaseg.net -n --agree-tos --email gerboweb@jaseg.net
+ args:
+ creates: /etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem
+
+- name: Copy final nginx config
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+
+- name: Restart nginx to load new cert
+ systemd:
+ name: nginx.service
+ state: restarted
+
+- name: Enable certbot renewal timer
+ systemd:
+ name: certbot-renew.timer
+ enabled: yes
+ |
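Review bot: The "Set SELinux to permissive mode" task switches off enforcement for the whole host to work around a single denial (nginx connecting to the uwsgi socket, per the FIXME), so every confined service on the machine loses mandatory access control, not just this one path. Keeping `state: enforcing` and resolving the FIXME with a narrowly scoped local policy module, or a correct file context on the socket path, would limit the exception to the nginx-to-uwsgi connection. The denial should be taken from the audit log first so the rule matches what is actually blocked. Separately, the four `copy` tasks set no `owner`, `group` or `mode`, so the permissions of `/etc/nginx/nginx.conf` and the two unit files are left to defaults; `owner: root`, `group: root`, `mode: '0644'` on each would pin them.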